The Non-Access Stratum (NAS) count is part of a security context in a Long Term Evolution (LTE) system. In the LTE system, the NAS count may serve as the lifetime of a key to keep the key fresh; it also ensures synchronization of the key between a User Equipment (UE) and a network, and resists replay attacks. Each Evolved Packet System (EPS) security context includes two independent NAS count values: an uplink NAS count value and a downlink NAS count value. The counters of the two NAS count values are maintained independently by the UE and a Mobility Management Entity (MME) respectively.
The length of the NAS count is 32 digits, and it is composed of two parts: the NAS sequence number (SQN) and the NAS overflow value. The NAS SQN is made up of 8 digits, and the NAS overflow value is made up of 16 digits. The NAS SQN is carried in every NAS message. When a new or retransmitted NAS message under security protection is sent, the sender adds 1 to the NAS SQN value; when the NAS SQN reaches its maximum value and one cycle is complete, the NAS overflow value increases by 1.
In the prior art, when the MME detects that the downlink NAS count value is about to wrap around, namely, when the NAS count value approaches the maximum value $2^{24}$, the MME triggers a new EPS Authentication and Key Agreement (AKA) authentication procedure to set up a new security context. When the security context is activated, the NAS count value is initialized to 0. When the MME detects that the uplink NAS count value of the UE also approaches the maximum value, namely, when it is about to wrap around, the MME triggers an EPS AKA authentication procedure.
In the prior art, the MME rigidly triggers the EPS AKA authentication procedure when it detects that the NAS count value is about to wrap around, and releases the connection once the EPS AKA authentication procedure fails. Such security processing leads to a waste of resources.
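The counter behaviour described above, as an added example that is not part of the original text: only the 8-bit SQN travels in each message, the receiver rebuilds the full count from its own overflow value, and a replayed message fails because the rebuilt count no longer matches the one the tag was computed over. It assumes the "digits" are bits; HMAC-SHA256 stands in for the NAS integrity algorithm, and `Sender`, `Receiver`, `WRAP_MARGIN` and the receiver's overflow-estimation rule are illustrative names and simplifications.

```python
import hashlib
import hmac

SQN_BITS = 8                      # NAS SQN width from the text, read as bits
COUNT_LIMIT = 1 << 24             # 8-bit SQN + 16-bit overflow wrap at 2^24
WRAP_MARGIN = 16                  # hypothetical "about to wrap around" threshold


def mac(key, count, payload):
    # HMAC-SHA256 stands in for the NAS integrity algorithm (assumption);
    # the full count, not just the SQN on the wire, is an input to the tag.
    msg = count.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


class Sender:
    def __init__(self, key):
        self.key, self.count = key, 0      # count starts at 0 on activation

    def near_wrap(self, margin=WRAP_MARGIN):
        return COUNT_LIMIT - self.count <= margin

    def send(self, payload):
        if self.count + 1 >= COUNT_LIMIT:
            raise OverflowError("NAS count exhausted; new security context needed")
        self.count += 1                    # SQN + 1; carry bumps the overflow value
        sqn = self.count & 0xFF            # only the SQN travels in the message
        return sqn, payload, mac(self.key, self.count, payload)


class Receiver:
    def __init__(self, key):
        self.key, self.count = key, 0

    def receive(self, sqn, payload, tag):
        overflow = self.count >> SQN_BITS
        if sqn <= (self.count & 0xFF):     # SQN did not advance: assume it cycled
            overflow += 1
        estimate = (overflow << SQN_BITS) | sqn
        if estimate >= COUNT_LIMIT:
            return False
        if not hmac.compare_digest(tag, mac(self.key, estimate, payload)):
            return False                   # stale or replayed count fails the tag
        self.count = estimate
        return True
```

Each direction (uplink and downlink) would hold its own `Sender`/`Receiver` pair, matching the two independent count values in one security context.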